SCAM ALERT: Individuals Breaching Company Passwords
A recent scam has raised alarm among businesses and employees.
Several companies have reported their systems were breached using valid customer or employee login data, according to the The Office of the Privacy Commissioner of Canada (OPC).
Allegedly, the criminals obtained the data from previous and unrelated breaches, wherein username and password combinations were published online.
“There’s a simple way for individuals to prevent these types of password reuse breaches: Don’t reuse passwords,” said Commissioner Daniel Therrien.
Businesses, employees, and residents alike are urged to use different passwords for different accounts - individuals who use the same password for multiple accounts are at greater risk.
“Businesses also have a role to play. They should require employees to change their work passwords if they’ve ever used the same one elsewhere. Companies should also remember that an employee’s password should not be their only line of defense against online intruders," said Therrien.
Multifactor authentication, or having multiple steps to accessing an account, such as answering a series of personal questions, is also recommended for anyone accessing company servers remotely, like when employees are working from home.
It's also helpful to remember to avoid obvious password choices, like a pet's name that you may have posted elsewhere, make passwords more than eight characters, use a unique combination of letters, numbers, and symbols, and keep passwords locked away and offline in a secure area.
All companies that have reported breaches have notified affected customers.
For more tips on mitigating the risk of password reuse, click here.